Check for the Version of glibc
###############################################################################
# OpenVAS Vulnerability Test
#
# SuSE Update for glibc SUSE-SA:2010:052
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
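# Report texts, handed to script_tag() in the description block.
#
# NASL double-quoted strings are "pure" strings with no escape sequences, so
# a literal double quote inside one would end the string early. The quoted
# terms of the advisory text are therefore written with single quotes.
#
# NOTE(review): tag_impact summarises only the headline issues (LD_AUDIT and
# $ORIGIN handling in setuid programs). The advisory text below also lists
# CVEs with other impacts: code execution via a crafted binary, /etc/mtab
# entry injection and password hash disclosure through nscd.
tag_insight = "The Linux C library glibc was updated to fix critical security issues and several bugs:
CVE-2010-3847: Decoding of the $ORIGIN special value in various LD_
environment variables allowed local attackers to execute code in
context of e.g. setuid root programs, elevating privileges.
This specific issue did not affect SUSE as an assertion triggers
before the respective code is executed. The bug was fixed by this
update nevertheless.
CVE-2010-3856: The LD_AUDIT environment was not pruned during setuid
root execution and could load shared libraries from standard system
library paths.
This could be used by local attackers to inject code into setuid root
programs and so elevated privileges.
Both of these were found by Tavis Ormandy and we thank him for finding
and reporting those issues.
SUSE Linux Enterprise Server 9 is not affected by the above problems,
as its glibc does neither support LD_AUDIT nor the $ORIGIN expansion
required by the first problem.
On openSUSE 11.1, 11.2 and SUSE Linux Enterprise 10 Service Pack 3
and SUSE Linux Enterprise 11 GA also the following minor security
issues were fixed:
CVE-2010-0830: Integer overflow causing arbitrary code execution
in ld.so --verify mode could be induced by a specially crafted
binary. This would require running the code on untrusted code which
we did not consider likely.
We thank Dan Rosenberg for reporting this problem.
CVE-2010-0296: The addmntent() function would not escape the newline
character properly, allowing the user to insert arbitrary newlines
to the /etc/mtab; if the addmntent() is run by a setuid mount binary
that does not do extra input check, this would allow custom entries
to be inserted in /etc/mtab.
We thank Dan Rosenberg and Jeff Layton for reporting this problem.
CVE-2008-1391: The strfmon() function contains an integer overflow
vulnerability in width specifiers handling that could be triggered
by an attacker that can control the format string passed to strfmon().
We thank Maksymilian Arciemowicz for reporting this problem.
CVE-2010-0015: Some setups (mainly Solaris-based legacy setups)
include shadow information (password hashes) as so-called 'adjunct
passwd' table, mangling it with the rest of passwd columns instead
of keeping it in the shadow table. Normally, Solaris will disclose
this information only to clients bound to a privileged port, but
when nscd is deployed on the client, getpwnam() would disclose the
password hashes to all users. New mode 'adjunct as shadow' ...
Description truncated, for more information please check the Reference URL";

tag_solution = "Please Install the Updated Packages.";
tag_impact = "local privilege escalation";

# Only the openSUSE releases are named here, matching the two release checks
# at the end of this script. The SUSE Linux Enterprise products mentioned in
# the advisory text are not tested by this script.
tag_affected = "glibc on openSUSE 11.1, openSUSE 11.2";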
# Registration pass: when the scanner runs the script with `description` set,
# only the metadata below is recorded and the script stops before any check.
if (description) {
  # Identity and bookkeeping.
  script_oid("1.3.6.1.4.1.25623.1.0.850148");
  script_version("$Revision: 8469 $");
  script_tag(name:"last_modification", value:"$Date: 2018-01-19 08:58:21 +0100 (Fri, 19 Jan 2018) $");
  script_tag(name:"creation_date", value:"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)");

  # Severity and references.
  # NOTE(review): the vector is AV:N (network) while tag_impact reads
  # "local privilege escalation" - presumably the score comes from the
  # highest-rated CVE in the list below; confirm before using it to prioritise.
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_xref(name:"SUSE-SA", value:"2010-052");
  script_cve_id("CVE-2008-1391", "CVE-2010-0015", "CVE-2010-0296", "CVE-2010-0830", "CVE-2010-3847", "CVE-2010-3856");

  # Naming and classification.
  script_name("SuSE Update for glibc SUSE-SA:2010:052");
  script_tag(name:"summary", value:"Check for the Version of glibc");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
  script_family("SuSE Local Security Checks");

  # The check reads the knowledge base only: it needs the SuSE login marker
  # and the RPM list under the ssh/login/ keys, and declares
  # gather-package-list.nasl as its dependency.
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse", "ssh/login/rpms");

  # Report texts defined at the top of the script.
  script_tag(name:"impact", value:tag_impact);
  script_tag(name:"affected", value:tag_affected);
  script_tag(name:"insight", value:tag_insight);
  script_tag(name:"solution", value:tag_solution);

  # Evidence is the installed package version only. A "fixed" result does not
  # show whether processes started before the update still map the old libc.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}
include("pkg-lib-rpm.inc");
# Holds the message returned by isrpmvuln() in the release checks below.
res = "";

# Release identifier from the knowledge base; presumably stored by
# gather-package-list.nasl, which the description block lists as a dependency.
release = get_kb_item("ssh/login/release");

# Without a known release there is nothing to compare against: stop without
# reporting anything.
if (release == NULL) exit(0);
# openSUSE 11.1: every package of the update is compared against the same
# reference version-release, <package>~2.9~2.13.1.
# The first package that isrpmvuln() flags is reported and the script exits,
# so the message names one outdated package even if several are installed.
if (release == "openSUSE11.1") {
  suse111_pkgs = make_list("glibc", "glibc-devel", "glibc-html",
                           "glibc-i18ndata", "glibc-info", "glibc-locale",
                           "glibc-obsolete", "glibc-profile", "nscd",
                           "glibc-32bit", "glibc-devel-32bit",
                           "glibc-locale-32bit", "glibc-profile-32bit");

  foreach pkg_name (suse111_pkgs) {
    res = isrpmvuln(pkg:pkg_name, rpm:pkg_name + "~2.9~2.13.1", rls:"openSUSE11.1");
    if (res != NULL) {
      security_message(data:res);
      exit(0);
    }
  }

  # __pkg_match is not assigned in this script; presumably pkg-lib-rpm.inc
  # sets it when a listed package is installed - confirm.
  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}
# openSUSE 11.2: every package of the update is compared against the same
# reference version-release, <package>~2.10.1~10.9.1.
# The first package that isrpmvuln() flags is reported and the script exits,
# so the message names one outdated package even if several are installed.
if (release == "openSUSE11.2") {
  suse112_pkgs = make_list("glibc", "glibc-devel", "glibc-html",
                           "glibc-i18ndata", "glibc-info", "glibc-locale",
                           "glibc-obsolete", "glibc-profile", "nscd",
                           "glibc-32bit", "glibc-devel-32bit",
                           "glibc-locale-32bit", "glibc-profile-32bit");

  foreach pkg_name (suse112_pkgs) {
    res = isrpmvuln(pkg:pkg_name, rpm:pkg_name + "~2.10.1~10.9.1", rls:"openSUSE11.2");
    if (res != NULL) {
      security_message(data:res);
      exit(0);
    }
  }

  # __pkg_match is not assigned in this script; presumably pkg-lib-rpm.inc
  # sets it when a listed package is installed - confirm.
  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}